Now, this is an interesting development in the ongoing war against Android. Oracle didn't just sue Google for allegedly infringing its Java patents; it also claimed copyright infringement. Oracle has amended its complaint, and, fair is fair, they've got the code to prove it: indeed, Android contains code that appears to be copied verbatim from Java - mind you, appears. However, the code in question comes straight from Apache's Harmony project, which raises the question - would a respected and long-established cornerstone of the open source world really accept tainted code in the first place?

Perhaps automated mechanisms might be put in place if you were doing a really high-profile project like Harmony. Apache might have setup some diff against the JDK to double check that no one brought in suspicious code; but was it OSS when they started Harmony though? I don't think it was...

You can easily do the diff after the code has been released.

Or use bytecode decompiler, as seems to be the case here. Actually, this might be bad publicity for Java, as releasing Java "binaries" is almost equivalent to releasing the source code (you often hear this used as argument in favor of Java against Python, js and others where source is often zipped).